ABSTRACT
In this talk I will discuss the need to establish clear differences between reliability and security for protecting cyber-physical systems (CPS).
This is particularly important given the recent interest from researchers in exploring the vulnerability of a CPS when an attacker has partial control of the sensor or actuator signals, which has led to the proposal of several anomaly detection schemes for CPS using data collected from physical sensors (as opposed to traditional network sensors). In the general setting, data obtained from normal behavior of the system is used to create a model, and then any outlier is considered an anomaly and a potential failure or attack; however, this line of research is very similar to the fault-detection and safety mechanisms that have been deployed in control systems for decades. In particular, the protection of control systems has traditionally been enforced by several safety mechanisms, which include bad data detection, protective relays, safety shutdowns, interlock systems, robust control, and fault-tolerant control; however, so far there has not been a systematic study that tries to identify how much these protection mechanisms can help against attacks (as opposed to failures or accidents), and how they can be broken by an attacker and potentially fixed by a system designer who incorporates attack models in the design of their system.
In this talk I describe how current protection mechanisms are analogous to how error correcting codes are used in communications: they protect against a vast majority of random faults and accidents; however, they are not secure against attacks in the way cryptographic hash functions are. As a community we need to revisit protection mechanisms available from control theory and then analyze them from a security perspective, giving new guidelines on security metrics and new ways to design attack-resilient CPS. In addition, we also need to avoid falling into the trap of proposing security mechanisms that are evaluated using similar tools from reliability.
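The analogy above, worked through as an added example that is not part of the talk or the author's material: a constructed sensor frame is protected once with CRC-32 and once with HMAC-SHA256, which stands in here for the keyed use of a cryptographic hash. The frame layout, the key and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import random
import struct
import zlib

# Constructed sample: one sensor frame (tag id, reading) and a shared key.
KEY = b"constructed-demo-key"
FRAME = struct.pack(">Hf", 17, 42.5)


def crc_protect(payload: bytes) -> bytes:
    """Append a CRC-32: an unkeyed checksum that anyone can recompute."""
    return payload + struct.pack(">I", zlib.crc32(payload))


def crc_accepts(frame: bytes) -> bool:
    payload, tag = frame[:-4], frame[-4:]
    return struct.pack(">I", zlib.crc32(payload)) == tag


def mac_protect(payload: bytes, key: bytes) -> bytes:
    """Append HMAC-SHA256: the tag depends on a secret key."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def mac_accepts(frame: bytes, key: bytes) -> bool:
    payload, tag = frame[:-32], frame[-32:]
    return hmac.compare_digest(hmac.new(key, payload, hashlib.sha256).digest(), tag)


def random_fault(frame: bytes, rng: random.Random) -> bytes:
    """Reliability model: flip one random bit somewhere in the frame."""
    i = rng.randrange(len(frame) * 8)
    out = bytearray(frame)
    out[i // 8] ^= 1 << (i % 8)
    return bytes(out)


def rewritten_reading(value: float) -> bytes:
    """Security model: a party without KEY replaces the reading."""
    return struct.pack(">Hf", 17, value)


def crc_fault_detection_rate(trials: int = 1000) -> float:
    rng = random.Random(0)
    good = crc_protect(FRAME)
    return sum(not crc_accepts(random_fault(good, rng)) for _ in range(trials)) / trials
```

The CRC catches every single-bit fault, yet it accepts a frame whose reading was rewritten and whose checksum was simply recomputed; the HMAC check rejects a rewritten frame unless its tag was produced with KEY.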
Index Terms
- From CRCs to resilient control systems: differentiating between reliability and security for the protection of cyber-physical systems